Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Security+ SY0-501 > Federated Identities 4.2 > Flashcards

Federated Identities 4.2 Flashcards

1
Q

Server-Based Authentication

A

Web communication is “stateless communication”. This begs the question, how do you provide authentication for a first server request, and then allow that authentication to continue when the communication is stateless? Traditionally this is accomplished because the server keeps track of who’s logged in. This is done by providing a session ID to the user. When there is a new request, the server checks to see if that session is still valid.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Stateless Protocol

A

A stateless protocol is a communications protocol in which no session information is retained by the receiver, usually a server. Relevant session data is sent to the receiver by the client in such a way that every packet of information transferred can be understood in isolation, without context information from previous packets in the session. This property of stateless protocols makes them ideal in high volume applications, increasing performance by removing server load caused by retention of session information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Token-Based Authentication

A

No session authentication. The server does not keep track of session ID’s but instead uses a stateless form for authentication. The server sends the client a token, and the client will store the token. Each time a request is made form the client, it includes the token along with the request. The server validates the token and responds. We see this used with Federation. Websites can partner and a token issued by one website, can be used on another website. Log in with Facebook, Google, or Twitter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Security Assertion Markup Language (SAML)

A

This is an open standard for authentication and authorization. Shibboleth is open-source software that implements SAML to provide federated SSO. SAML defines the standard Shibboleth uses. Was not designed for mobile apps, so we don’s see it very much.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

OAuth

A

Provides resource authorization. Created by Twitter, Google, many big techs. Usually combined with OpenID connect which handles the sign on. OAuth provides authorization between the different apps.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA Security+ SY0-501 (134 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions